Lucene search
K

2049 matches found

Nuclei
Nuclei
added 12 hours ago82 views

Horde Groupware Unauthenticated Admin Access

Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...

10CVSS6.1AI score0.07986EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago32 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...

6.1CVSS6.5AI score0.08112EPSS
Exploits5References2
Nuclei
Nuclei
added 12 hours ago56 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.10677EPSS
Exploits5References2
Nuclei
Nuclei
added 12 hours ago120 views

Fastjson Insecure Deserialization - Remote Code Execution

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi-// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS7.4AI score0.3897EPSS
Exploits2References6
Nuclei
Nuclei
added 12 hours ago51 views

Joomla! Component Arcade Games 1.0 - Local File Inclusion

A directory traversal vulnerability in the Arcade Games comarcadegames component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion autho...

5CVSS6.2AI score0.18703EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago64 views

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS6.2AI score0.06232EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago57 views

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

4.3CVSS6.2AI score0.10317EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago84 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS6.4AI score0.1052EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago28 views

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...

6.1CVSS6.4AI score0.03271EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago59 views

Phoenix Framework - Open Redirect

Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 contain an open redirect vulnerability, which may result in phishing or social engineering attacks. id: CVE-2017-1000163 info: name: Phoenix Framework - Open Redirect author: 0xAkoko severity: medium...

6.1CVSS6.4AI score0.0206EPSS
Exploits0References4
Nuclei
Nuclei
added 12 hours ago65 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6.3AI score0.01024EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago139 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago84 views

T24 Web Server - Local File Inclusion

T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. id: CVE-2019-14251 info: name: T24 Web Server - Local File Inclusion author: 0xAkoko severity: high description: T24 web server is vulnerable to unauthenticated...

7.5CVSS7AI score0.07849EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago75 views

Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting

Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...

6.1CVSS6.3AI score0.15987EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago73 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1CVSS6.2AI score0.08142EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago170 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS7.1AI score0.35228EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago58 views

RealTek Jungle SDK - Arbitrary Command Injection

There is a command injection vulnerability on the "formWsc" page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system. id: CVE-2021-35395 info: name: RealTek Jungle SDK - Arbitrary Command Injection...

10CVSS7.5AI score0.97961EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago72 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.5AI score0.01278EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago71 views

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7AI score0.07845EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago65 views

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. id: CVE-2021-26475 info: name: EPrints 3.4.2 - Cross-Site Scripting author: geeknik severity: medium description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI...

6.1CVSS6.7AI score0.07326EPSS
Exploits1References5
Rows per page
Query Builder